Homepage
Crypto
Index
Enigma
Hagelin
Fialka
Siemens
Philips
Nema
Transvertex
Gretag
Tadiran
Racal
USA
USSR
Voice
Hand
Mixers
Phones
Spy sets
Burst encoders
Intercept
Covert
Radio
PC
Donate
Kits
Shop
News
Events
Wanted
Contact
Links
Logo (click for homepage)
Philips PNVX
Secure Crypto Phone

PNVX was a series of secure telephone units, developed by Philips Crypto around 1988. It was intended for the professional market, such as the Police, the Department of Justice, the Department of Defence (DoD), Foreign Affairs, etc. It was Philips Crypto's first attempt to expand their market, after dealing exclusively with the DoD for many years. PNVX was also sold by Siemens as the Crypset 100 [8], and by Mils in Austria. It is also known as SPENDEX 9600.
 
The first generation of secure phones was the PNVX-20xx series, which was introduced around 1991. Depending on the required features, users had a choice between the PNVX-2015, PNVX-2017 and the PNVX-2019. The latter two (2017 and 2019) also featured a V.24 data-interface, allowing secure PC connections (data) in addition to speech.

The image on the right, shows a typical PNVX-6317 secure crypto phone. The images below show some of its characteristics, such as the crypto and plain buttons in close-up. 		  
Philips PNVX-6317 secure crypto phone

The PNVX-series allowed secure voice communication over standard insecure telephone lines (PSTN). Unlike older and less advanced systems that used (analog) voice scrambling, the PNVX employed advanced digital encryption. The analog voice signal from the microphone was first digitised with a vocoder (LPC-10) and then enciphered with a built-in crypto unit.

Deciphering was possible only if the person at the other end had a compatible crypto phone and the correct key. At the beginning of each secure sessions, both ends had to synchronise (12 to 24 seconds) and advanced authentication protocols were used to exchange the keys and authenticate the user's identity.
 
Philips Close-up Using Close-up The Using Mains

 
Personal Key Card
Each user of the PNVX crypto phone was issued a so-called TB-100 Personal Key Card. The card had the same size as a standard credit card, but contained a micro chip with the user's unique personal key, identity and other information.
 
Secure communication was only possible if the user's key card was inserted into a slot at the right of the phone and the matching Personal Identification Number (PIN) had been entered.

At the beginning of each secure crypto session, the identification of the person at the other end would appear in the display, so that you could check wether that person was who he said he was. The image on the right shows two such key cards. 		  
examples of TB-100 key cards

 
Two Close-up Inserting Close-up Using

 
V.24 Data Interface
Some models, like the PNVX 2017, 2018 and the later 63xx series, featured a V.24 data interface that was available as a 25-pin sub-D connector at the rear of the unit.
 
The V.24 interface enabled the phone to send data in addition to speech, allowing the connection of digital terminal equipment, such as a computer (via the COM-port), a printer of a fax unit.

Like speech, data was sent at 2400 baud, which was considered the higest possible speed available on all telephone networks world-wide at the time. When used between two computers, the PNVX would act as a (secure) modem. 		  
V.24 connection to the right of the telephone line connector

 
Interior
Although the PNVX has the looks of a standard telephone set, its weight reveils its actual identity. The bottom of the unit is made of die-cast aluminium and the top half is molded plastic. With the TEMPEST version of the PNVX, the plastic top has been sprayed on the inside with metal paint in order to provide some level of shielding.
 
The image on the right shows the interior of the PNVX after removing the plastic top half. The unit contains two large PCBs that are mounted together on a metallized plastic frame.

The top board contains the analog circuitry, like the line interface, the power supply unit (PSU) and the modem. It also contains some interfaces and the key card reader (on the right).

At the other side of the frame is the digital board that contains the 8088 CPU, memory, firmware (EPROMs) and V.24 interface. 		  
The interior of the PNVX, showing the digital board and the crypto unit (at the centre)

The PNVX contains a number of (digital) processors. The main CPU is on the bottom board. It is an OKI-built Intel 8088 (M80C88A), complete with RAM, ROM, EPROM and I/O expanders. An additional 8-bit 8085 processor handles input from the keyboard and output to the LCD display.

On the top board is the LPC-10 vocoder, consisting of a NEC D78C10 processor, RAM and software in EPROM. Also on the top board is the ROCKWELL modem interface.
 
The Analog Digital Close-up Telephone Rockwell The Top

 
Crypto unit
A small plug-in unit at the centre of the top board is the actual crypto-heart of the PNVX. Without this daughter card, the PNVX acts just as an ordinary analog phone. Different versions of this crypto module were developed for various groups of users (government, army, police, civil use).
 
The crypto-unit plugs into the main board by means of four 12-pin connectors mounted at the four courners. The image on the right shows the bottom of the unit consisting of two ASICs - that contain the actual cryptographic algorithm - and a small controller. The latter is an 8-bit 8051-based One-Time-Programmable (OTP) micro controller built by Signetics.

At the other side of the board are two Fujutsu MB603206 CPLDs, containing customised 'glue-logic'. The MB603206 were among the first generation of programmable hardware chips. 		  
Crypto Unit of the PNVX

The crypto-unit contains separate hardware for coding and decoding in order to allow full-duplex communication. The cryptographic algorithms inside the OQ 4436 ASICs were controlled by the OTP microcontroller in the middle. Depending on the customer, the software inside the controller could be adapted. For large customers it was even possible to implement their own algorithm.

Considering the era in which the PNVX was developed (late 1980s), the design of the crypto module was really state-of-the-art. The fact that ASICs and the first generation of CPLDs were used, show that Philips was at the forefront of secure phone development.
 
Crypto Top Close-up Close-up Close-up Close-up Full-view Crypto-unit

 
Known models
The PNVX-20xx series was followed by the PNVX-21xx series (1994) and finally the PNVX-63xx series in 1995. Several variations of the same principle were developed, such as a complete Crypto Switch (telephone exchange) and a separate encryptor for (analog) mobile communication networks (PNVX 2111). The PNVX-63xx series was developed especially for use by the Dutch government. The following models are currently known:
 
  • PNVX 2015, Secure Telephone
  • PNVX 2017, Secure Telephone (with data interface)
  • PNVX 2019, Secure Telephone (with data interface and extra functions)
  • PNVX 2118, Secure Telephone
  • PNVX 2111, Speech Encryptor
  • PNVX 2116, Crypto Switch
  • PLDX 6142, Line Encryptor
  • PNVX 6317, Crypto Telephone (for government use)
  • PNVX 6318, Crypto Telephone (for government use)
  • PFDX 6335, Fax Encryptor (for government use)
  • PPSX 6361, X.25 line encryptor
PNVX and PFDX
The name PNVX is the abbreviation of Philips Narrow-band Voice Encryptor. The letter 'X' is used here for 'Crypto' as with all other Philips Usfa crypto equipment. The abbreviation PFDX stands for Philips Fax and Data Encryptor. The internal designators for all secure phone products started with 'UP' followed by the model number, e.g. UP-2017 for the PNVX-2017 phone. The prefix 'UP' is most likely the abbreviation of Usfa Phone.
 
First Gulf War
During the First Gulf War in 1991, the Dutch Army operated on Iraqi territory under supervision of the United Nations (UN) in the operation Desert Storm. For secure communication with home, they used Philips PNVX phones, probably alongside the Spendex 40 (see below).
 
The image on the right shows two Dutch soldiers with blue UN barets checking in a large box with Philips PNVX phones at Schiphol Airport in Amsterdam, when leaving for Iraq. The label on the box shows PNVX 2017 as the model number, but it is highly unlikely that that model was actually used by the military.

It is far more likely that in reality the box contained the PNVX 6317 model, which used a more secure, government approved, encryption algorithm. The phone was often used by soldiers contact their families at home. To date, there have been no reports of compromised PNVX phones. 		  

PNVX phones were not only used during the First Gulf War, but also during later conflicts, such as the Iraq War (2003) [10] and by Dutch Special Forces during Operation Enduring Freedom (OEF) in Afganistan (2005-2006) [11]. According to some reports, the PNVX was also used by the Dutch Army in Banja Luke (Bosnia Herzegovina) in 2006 [12].
 
Technical specifications
For the encryption/decryption of voice data, the PNVX used a stream cipher that uses the well known principle of modulo-2 addition (XOR) to mix the data and the key stream. The length of the key was 120 bits and the system allowed more than 1038 different keys to be used. Once started, the key stream had a cycle length of more than 10,000 years, meaning that the key stream would not repeat itself within that period.
 
The key stream was generated by an in-house (Philips) developed algorithm that was hard-wired inside a custom-made crypto module with Philips' own OQ 4436 crypto chips. It was also possible to implement the customer's own algorithm, adding-in a bit of security by obscurity.   

For key management, the PNVX used a hierarchic matrix system that allowed up to 2000 users per group. Only users of the same group could communicate with each other. The actual key (group key and personal key) was stored on a separate key card (see above) which was used in combination with a PIN that had to be entered on the phone's keypad.

For authentication at the beginning of a crypto session, the PNVX used peer entity authentication, which guarantees that the other party is indeed the one it claims to be. When sychronising two PNVX phones at the beginning of a crypto session, a randomly generated information key of 64 bits was used in combination with synchronisation check series (in-sync checks).

The PNVX was suitable for connection to standard PSTN (analog) telephone lines, using either pulse dialling (IDK) or dual tone DTMF (TDK) operation. It complied with the rules and regulation in the Netherlands, which were similar to the requirements in other countries.

Speech was first digitised using a 10-bit AD convertor and then processed by an LPC-10 vocoder in order to minimise the data rate to 2400 bits/s (baud). LPC-10 was a Linear Predictive Coding standard developed by the United States Department of Defense for use by NATO. It is also known as FS-1015 or STANAG-4198 [7]. It reduced the audio quality somewhat, but would still be better than 85% DRT. According to some users, the speech legibility of the PNVX was better than that of the Motorola STU-III.

Computer data could be transmitted at the same speed (2400 baud) when connected to the V24 socket at the rear of the unit (PNVX 2017 and PNVX 2019 only).
 
Approval
For a long time, PNVX phones have been approved and used for secure voice communication up to the level of top secret, confidential and NATO secret (PNVX-6317/6318), even after the demise of Philips Crypto in 2003. As of 1 January 2010, approval has officially been withdrawn by the NBV [6], but the PNVX phones remain Controlled Cryptographic Items (CCI) for the time being. They are currently being phased out.
 
Rebadged versions
Philips PNVX phones were rather popular in The Netherlands and at NATO. In order to have a better coverage on the international market, they were also sold as a rebadged product by some other manufacturers.

In Germany, the PNVX was sold by Siemens as the Crypset 100 (shown on the right). The only difference is its colour and the company name on the front panel [8]. In Austria, the phone was sold by Mils Electronic. 		  

 
Spendex 40
Under certain circumstances the PNVX 6317 could be made interoperable with the ruggedised military Spendex 40 crypto phone. In that case, the TB-100 key card of the PNVX would act like the CIK (Crypto Ignition Key) of the Spendex 40.

Military users of these phones, would generally use a PNVX at the office and a Spendex 40 in the field. Later, when PNVX phones became mainstream items in the Dutch Department of Defence, Spendex 40 phones were gradually phased out in favour of PNVX phones.

 More information 		  
Philips Spendex 40 crypto phone

 
Brochures

Brochures of related products

Similar secure phones

References
  1. Philips Crypto BV, PNVX 2015, PNVX 2017, PNVX 2019 Operating Instructions

  2. Philips Usfa BV, High Grade Secure Telephone Set, System Descryption

  3. Philips Usfa BV, PNVX 6318 Crypto and System Installation Guide

  4. Philips Crypto BV, PNVX 211Y Product Family Brochure

  5. Philips Crypto BV, PNVX 6318, PFDX 6335 Brochure

  6. Nationaal Bureau voor Verbindingsbeveiliging (NBV, part of the AIVD),
    List of approved crypto products (Dutch)

  7. Wikipedia, LPC-10 Vocoder

  8. Jane's Military Communications, Siemens Cryptset 100 Telephone
    Fiftheenth Edition, 1994-95. page 523.

  9. Philips Crypto BV, PNVX 2118 leaflet
    Also known as SPENDEX 9600. International sales leaflet.

  10. R. Miedema, Commandovoeringsondersteuning SFIR3 (Dutch)
    Intercom 2004-4. p. 65-69.

  11. Website Boekje Pienter, Uruzgan

  12. Maurice Rijk on Linkedin

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
© Copyright 2009-2011, Paul Reuvers & Marc Simons. Last changed: Tue,27 Dec 2011.17:45:10
Click for homepage